Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re^3: PerlTaintCheck and configuration for secure paths

by shmem (Canon)
on Jun 22, 2006 at 17:51 UTC ( #556964=note: print w/ replies, xml ) Need Help??


in reply to Re^2: PerlTaintCheck and configuration for secure paths
in thread PerlTaintCheck and configuration for secure paths

If $thumbName was constructed with whatsoever variable that is tainted and not sanitized, it becomes tainted as well.

In perlsec is a snippet of code:

sub is_tainted { return ! eval { eval("#" . substr(join("", @_), 0, 0)); 1 }; }
--shmem
_($_=" "x(1<<5)."?\n".q/)Oo.  G\        /
                              /\_/(q    /
----------------------------  \__(m.====.(_("always off the crowd"))."
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}


Comment on Re^3: PerlTaintCheck and configuration for secure paths
Select or Download Code
Re^4: PerlTaintCheck and configuration for secure paths
by geektron (Curate) on Jun 22, 2006 at 18:08 UTC
    the operative phrasing i missed: *not sanitized* ... after re-reading perlsec for the 3231244^34 time today, the "not sanitized" part kicked in.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://556964]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (17)
As of 2015-07-02 16:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (44 votes), past polls